[373] in Kerberos-V5-bugs
Re: question about sendauth
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Oct 15 00:30:45 1993
Date: Fri, 15 Oct 93 00:29:44 EDT
From: tytso@MIT.EDU (Theodore Ts'o)
To: Jim_Miller@suite.com
Cc: krb5-bugs@MIT.EDU
In-Reply-To: Jim Miller's message of Thu, 14 Oct 93 19:36:51 -0500,
From: jim@bilbo.suite.com (Jim Miller)
Date: Thu, 14 Oct 93 19:36:51 -0500
Is the absence of "memset((char *)&authent, 0, sizeof(authent));" in
the final "else" clause a bug, or is it absent for a reason?
It's a bug.
P.S. BTW, why do you zero out the authent struct?
Because if new_key is set, then krb5_mk_req_extended will generate a new
(random) session key to use for the association. This key returned in
new_key, but a copy of it also exists in the authenticator. Actually,
this code would be more streamlined by simply zeroing out the keying
information in the authenticator (since it's never used), so you don't
need to call memset() on authent at every single error return.....
- Ted
